Crypt888 ransomware is a dangerous program that encrypts files and allows you to decrypt them only after you pay its required ransom. Alternatively, Crypt888 is known as MIRCOP ransomware (also known as MicroCop ransomware) but there is almost no doubt that this ransomware will change its name in the nearest future.

Different variants of Crypt888 use different email addresses to contact their victims. The latest its version uses maya_157_ransom@hotmail.com email address which you should never use to contact hackers and pay the money. If infected, you will be asked 0.8 BTC (584 USD) as a ransom to get a decryption tool.

The newest file extension used by Crypt888 ransomware is called Lock. It is added to every filename of the encrypted data, so for instance, if the file's name is picture.jpg, it will change to Lock.picture.jpg.

The analysis of our experts has revealed that Crypt888 ransomware has already been updated for several times. All these versions look almost identical because crooks do not change the main code drastically. However, each version provides a different user interface and language of communication.[1] For example, while one of these variants addresses its victims in Portuguese[2], the other targets Czech-speaking users.

Taking into account all these changes and the latest version, maya_157_ransom@hotmail.com virus, we are happy to inform you that Crypt888 decryption tool is still effective when you need to recover encrypted files. We assume that cyber criminals are trying to confuse victims and make them search the web for information about Petya ransomware, which cannot be decrypted using any free tools at the moment. Most likely criminals expect to convince victims to pay the ransom by pretending to be a different virus.

Of course, you should NEVER pay the ransom asked by ransomware virus because you can also use an opportunity to recover your encrypted files for free. Scroll down to see Crypt888 removal instructions and find our data recovery guide.

The variants of Crypt888 ransomware

MIRCOP ransomware. The initial version of the discussed ransomware virus used to set a black wallpaper with a picture of the Anonymous mask on it, accompanied by a short note stating the conditions for data recovery. The virus states that the victim “has stolen 48.48 BTC from the wrong people” and now needs to return them, and attempts to threaten the victim with a line “don’t take us for fools, we know more about you than you know about yourself.” You should not believe in such ridiculous threats and remove Crypt888 malware as soon as possible. [3]

Aviso ransomware. Aviso virus is a Brazilian version of this ransomware, which commands victims to contact criminals via informacaoh@gmail.com after paying a ransom worth 2000 Brazilian reals. The virus also adds Lock. prefix to encrypted data, and these files can be recovered for free using Crypt888 decryptor. This version does not differ from the previous ones except of the ransom note it sets as the desktop wallpaper.

The Italian version of Crypt888. Little information is available about the Italian version of this virus, however, according to malware researchers, this virus replaces victim’s desktop wallpaper with an image containing hacker’s manifesto words. The virus does not leave readme.txt (italian version: LEGGIMI.txt) file on the system, therefore, the victim is left without no information on how to restore encrypted data. This version showed up right after a suspicious ransomware variant that used to set “marked graphics” logo on the desktop. Since this particular version provided no decryption instructions or contact address, we assume that it was a test version.

The Portuguese version of the virus which has been spotted by the experts in November, 2016 uses different lock screen but its black and red design it similar to the previous Crypt888 versions. Since most security blogs have already warned the users about the Crypt 888 pretending to be a version of Petya ransomware 2017, the hackers have switched to other ransomware — the Locky virus. The lock screen now states that the user is infected with the “Locky ransomware” and the users have only 36 hours to pay the demanded ransom before their files are permanently destroyed. Please note, that you can still use the Crypt888 decryptor for this variant and fix your computer without paying the ransom or losing your files.

Questions about Crypt888 ransomware

At the end of February 2017, Crypt888 emerges with a version that adds Lock. prefix to encrypted files. This version doesn't provide any information about recovery methods, leaves no contact details, and basically, does not provide any information regarding data recovery. It doesn't even ask for ransom – it simply corrupts files, and that is it. This virus' version changes desktop's wallpaper with a picture of beach view. To recover your files, use the Crypt888 decryptor by Avast.

Zuahahhah ransomware virus. On July 2017, the virus has been updated one more time. The latest version of crypto-malware changes affected computer’s desktop to the message saying that due to the virus infection, passwords, email accounts, and files stored on the computer might be lost. According to the virus analysis, the virus might be capable of deleting files. However, you should not wait for it to happen and just remove Zuahahhah from the device. Once it’s done, you should be able to restore files with Crypt888 decryptor.

Maya_157_ransom@hotmail.com ransomware. The latest version of Crypt888 ransomware uses maya_157_ransom@hotmail.com email address to contact its victims. The ransom note displayed by this virus reads:

YOU ARE HACKEDAll your personal files have been encrypted!If you want restore your data you may have to pay! Contact us: maya_157_ransom@hotmail.comRemember! You can't restore your data without our decryptor!!!!!!

Just like previous versions, the virus requires paying 0.8 BTC. However, you can recover your files by removing this Crypt888 ransomware version and using the free decryptor presented by security experts.

Cyber criminals spread ransomware using multiple techniques

Crypt888 scam is mostly spread via malicious ads, email spam, and also with the help of exploit kits [4]. In general, these are the most efficient and popular ransomware dissemination techniques used by almost every ransomware developer.

Distribution of this infection is still based on catchy-looking ads, guileful email letters, and technologies that exploit security vulnerabilities in victim’s computer. If user’s computer is unprotected, there are hardly any chances to survive Crypt888 or similar ransomware attack, especially if the victim tends to click on eye-catching content without estimating the potential danger that lies behind it.

In such case, the only way to save your data is to have a backup. Unfortunately, not many computer users understand the importance of backups [5], so when ransomware infects their computers, in most cases they have no choice but to say goodbye to their personal files.

Wipe out Crypt888 virus from the computer automatically

We suggest using automatic Crypt888 removal tools because it is the safest way to remove malware, infectious files, and unwanted registry keys from the computer system.

It is highly recommended not to try to remove Crypt888 virus manually because, despite its foolish source code, it is still a dangerous program. Leaving one or two files that belong to it can have disastrous consequences later on. Please delete the virus carefully – follow instructions we have prepared for our visitors and get rid of the ransom-demanding virus.

You can decrypt files locked by this virus using a special decryption tool (download link provided below).

What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.

Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Crypt888 removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

When a new window shows up, click Next and select your restore point that is prior the infiltration of Crypt888. After doing that, click Next.

Now click Yes to start system restore.

Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Crypt888 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Crypt888 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Crypt888, you can use several methods to restore them:

Use Crypt888 decryptor

Good news for victims who have their computers infected with this hideous computer program – you can recover absolutely all files marked with Lock. prefix for free. Simply uninstall the virus and use this decryption tool then.